The Problem With Open Source

Subscribers:
230,000
Video Link: https://www.youtube.com/watch?v=ctkGh7RpgQ8



Duration: 16:40
33,581 views
1,800


Open source software is a cornerstone of our industry, but there are risks associated with using it. Colors and faker were both extremely popular open source projects, downloaded millions of times every week, and then their developer sabotaged his own projects and stopped systems all over the world from working. This isn’t the first time something like this has happened.

In this episode Dave Farley, author of Continuous Delivery and Modern Software Engineering, explores our relationship with open source and asks two questions: was the author of colors.js and faker.js a hero or a fool, and do companies that rely on OSS take advantage of its authors?

--------------------------------------------------------------------------------------
📚 BOOKS:

🚨 MY NEW BOOK! 👉 📖 Dave’s NEW BOOK "Modern Software Engineering" is now available on
Kindle ➡️ https://amzn.to/3DwdwT3
(Paperback version available soon)
In this book, Dave brings together his ideas and proven techniques to describe a durable, coherent and foundational approach to effective software development, for programmers, managers and technical leads, at all levels of experience.

📖 "Continuous Delivery Pipelines" by Dave Farley
paperback ➡️ https://amzn.to/3gIULlA
ebook version ➡️ https://leanpub.com/cd-pipelines

📖 The original, award-winning "Continuous Delivery" book by Dave Farley and Jez Humble ➡️ https://amzn.to/2WxRYmx

NOTE: If you click on one of the Amazon Affiliate links and buy the book, Continuous Delivery Ltd. will get a small fee for the recommendation with NO increase in cost to you.

-------------------------------------------------------------------------------------
Also from Dave:

🎓 CD TRAINING COURSES
If you want to learn Continuous Delivery and DevOps skills, check out Dave Farley's courses
➡️ https://bit.ly/DFTraining

📧 JOIN CD MAIL LIST 📧
Keep up to date with the latest discussions, free "How To..." guides, events, online courses and exclusive offers. ➡️ https://bit.ly/MailListCD

-------------------------------------------------------------------------------------

LINKS:

Description from Sonatype ➡️ https://blog.sonatype.com/npm-libraries-colors-and-faker-sabotaged-in-protest-by-their-maintainer-what-to-do-now

Open Source Software (Wikipedia) ➡️ https://en.wikipedia.org/wiki/Open-source_software

“The Cathedral and the Bazaar” ➡️ https://en.wikipedia.org/wiki/The_Cathedral_and_the_Bazaar

Faker email ➡️ https://marak.com/blog/2021-04-25-monetizing-open-source-is-problematic

Best practices for using open source software ➡️ https://snyk.io/blog/open-source-npm-packages-colors-faker/

GitHub security Advisory ➡️ https://github.com/advisories/GHSA-5rqg-jm4f-cqx7

Bomb making ➡️ https://abc7ny.com/suspicious-package-queens-astoria-fire/6425363/

“Fork this or pay me” ➡️ https://news.ycombinator.com/item?id=25032105&p=2

Open Source Definition ➡️ https://en.wikipedia.org/wiki/The_Open_Source_Definition

Business Models for OSS ➡️ https://en.wikipedia.org/wiki/Business_models_for_open-source_software

How to support OSS ➡️ https://opensource.com/article/19/4/ways-support-sustain-open-source

-------------------------------------------------------------------------------------

CHANNEL SPONSORS:

Equal Experts is a product software development consultancy with a network of over 1,000 experienced technology consultants globally. They increase the pace of innovation by using modern software engineering practices that embrace Continuous Delivery, Security, and Operability from the outset ➡️ https://bit.ly/3ASy8n0

Harness helps engineers and developers simplify and scale CI/CD, Feature Flags and Cloud Cost Management with an AI-powered platform for software delivery. ➡️ https://bit.ly/3Cfx3qI

Octopus are the makers of Octopus Deploy, the single place for your team to manage releases, automate deployments, and automate the runbooks that keep your software operating. ➡️ https://octopus.com/

SpecFlow: Behavior Driven Development for .NET. SpecFlow helps teams bind automation to feature files and share the resulting examples as Living Documentation across the team and stakeholders. ➡️ https://go.specflow.org/dave_farley

----------------------------------------------------------------------------------------







Tags:
open source
open source software
open source projects
open source apps
open source issues
fakers.js
colors.js
colors and faker
javascript
npm
npm error
npm software
software development
software engineering
computer science
continuous delivery
devops
Dave Farley